Amazon Employees Were Able to Observe Customer Apartments Remotely
Ring has published a statement about this topic on 14.01.19:
We take the privacy and security of our customers’ personal information extremely seriously. In order to improve our service, we view and annotate certain Ring video recordings. These recordings are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes. Ring employees do not have access to livestreams from Ring products.
We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them.
Ring does not provide and never has provided employees with access to livestreams of Ring devices.
As mentioned in our statement, Ring employees only have access to recordings that are sourced exclusively from publicly shared Ring videos from the Neighbors app (in accordance with our terms of service), and from a small fraction of Ring users who have provided their explicit written consent to allow us to access and utilize their videos for such purposes. Again, Ring employees do not have access to livestreams.
Amazon’s subsidiary Ring sells smart doorbells and Internet-connected surveillance cameras that allow owners to monitor their homes via the cloud with their smartphones. According to a report by The Intercept, employees of the company also had an opportunity to invade the privacy of unsuspecting customers via the surveillance cameras.
It should have already been enough to know the customer’s e-mail address in order to view their video surveillance in real time. This is particularly critical as the company, which was purchased by Amazon for one billion US dollars, also offers cameras that are explicitly intended for indoor use. The employees were able to access the cameras via the portal, which is actually used for technical support. According to the report, this even went so far that employees of the company monitored each other and then made internal jokes about their colleagues based on the content they saw.
The company’s developers, who are based in Ukraine, are said to have had access to all videos from all ring cameras via a folder in the Amazon S3 cloud in 2016. Also the assignment of videos to individual persons was no problem for the developers due to the database access. Amazon restricted access rights after they were taken over, but the problem was not solved because individual employees were able to bypass this protection.